Authentication bypass in OpenFlow - CVE-2018-1000155
Published: May 28, 2018
Vulnerability identifier: #VU13022
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1000155
CWE-ID: CWE-287
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
OpenFlow
Software vendor:
Open Networking Foundation
Description
The vulnerability allows an adjacent attacker to bypass authentication on the target system.
The weakness exists due to improper authentication and authorization between an affected OpenFlow controller and a switch communicating with it during the OpenFlow handshake. An adjacent attacker who has access to a switch and is able to establish a secure connection with a targeted OpenFlow controller can spoof DataPath Identifiers (DPIDs) and send features_reply messages from the switch that the targeted controller would inherently trust, causing the service to crash or bypassing security restrictions.
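The check the description finds missing is a binding between the identity the switch authenticated with and the DPID it claims in features_reply. The following is an added example, not code from this advisory or from any controller project, and not a vendor fix: the function names, placeholder certificate bytes and provisioning table are constructed assumptions, and the sample message uses the OpenFlow 1.3 features reply layout.

```python
import hashlib
import struct

OFPT_FEATURES_REPLY = 6                 # OpenFlow message type
OFP_HEADER = struct.Struct("!BBHI")     # version, type, length, xid
DPID = struct.Struct("!Q")              # 64-bit datapath_id follows the header

class HandshakeRejected(Exception):
    """Raised when a features_reply must not be trusted."""

def fingerprint(cert_der: bytes) -> str:
    # In a live controller the DER bytes would come from the TLS session,
    # e.g. ssl.SSLSocket.getpeercert(binary_form=True).
    return hashlib.sha256(cert_der).hexdigest()

def claimed_dpid(msg: bytes) -> int:
    """Parse a features_reply and return the DPID the peer claims."""
    if len(msg) < OFP_HEADER.size + DPID.size:
        raise HandshakeRejected("truncated features_reply")
    _version, msg_type, length, _xid = OFP_HEADER.unpack_from(msg)
    if msg_type != OFPT_FEATURES_REPLY or length != len(msg):
        raise HandshakeRejected("not a well-formed features_reply")
    return DPID.unpack_from(msg, OFP_HEADER.size)[0]

def admit_switch(cert_der: bytes, msg: bytes, provisioned: dict) -> int:
    """Accept the DPID only if it is the one provisioned for this certificate."""
    dpid = claimed_dpid(msg)
    expected = provisioned.get(fingerprint(cert_der))
    if expected is None:
        raise HandshakeRejected("certificate is not provisioned")
    if dpid != expected:
        raise HandshakeRejected(f"DPID {dpid:#018x} not bound to this certificate")
    return dpid

def sample_features_reply(dpid: int, xid: int = 1) -> bytes:
    # Constructed OpenFlow 1.3 features reply: datapath_id, n_buffers,
    # n_tables, auxiliary_id, 2 pad bytes, capabilities, reserved.
    body = struct.pack("!QIBB2xII", dpid, 256, 254, 0, 0, 0)
    return OFP_HEADER.pack(0x04, OFPT_FEATURES_REPLY, OFP_HEADER.size + len(body), xid) + body

# Constructed placeholder certificates and provisioning table (assumptions).
CERT_A, CERT_B = b"constructed-cert-switch-a", b"constructed-cert-switch-b"
PROVISIONED = {fingerprint(CERT_A): 0x1, fingerprint(CERT_B): 0x2}

if __name__ == "__main__":
    print(hex(admit_switch(CERT_A, sample_features_reply(0x1), PROVISIONED)))
    try:
        admit_switch(CERT_A, sample_features_reply(0x2), PROVISIONED)
    except HandshakeRejected as exc:
        print("rejected:", exc)
```

A switch holding a valid certificate is admitted only under its own provisioned DPID; a features_reply claiming another switch's DPID is rejected before the controller acts on it.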
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.